CVE-2007-3553

Name of the Vulnerable Software and Affected Versions Oracle Application Server 11i

Description A cross-site scripting (XSS) issue exists, allowing remote attackers to inject arbitrary web script or HTML via a URL to the "Secondary Login Page". This can be achieved by accessing specific API endpoints, such as "pls/" and "pls/MSBEP004/".

Recommendations For Oracle Application Server 11i, consider restricting access to the "Secondary Login Page" and the affected API endpoints until a fix is available. As a temporary workaround, avoid using the vulnerable "Secondary Login Page" to minimize the risk of exploitation. At the moment, there is no information about a newer version that contains a fix for this vulnerability.